Remote login to sshd with public-key authentication


1. Generate a key pair as root with ssh-keygen

[root@vmware ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
a8:15:87:79:47:07:10:cf:c7:73:3c:bd:91:11:2b:12 root@vmware
The key's randomart image is:
+--[ RSA 2048]----+
|        oooE.  o.|
|       o + o.. .+|
|      + o +.+.++.|
|       = . ..o..o|
|      o S      . |
|     o           |
|    .            |
|                 |
|                 |
+-----------------+
[root@vmware ~]#

2. Publish the public key (-i specifies the path to the local public key)

[root@vmware ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.1.113 -p36000
The authenticity of host '[10.0.1.113]:36000 ([10.0.1.113]:36000)' can't be established.
ECDSA key fingerprint is 00:6b:71:8a:34:4c:60:d8:ff:c6:81:27:77:77:d1:ff.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.0.1.113's password:   

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh -p '36000' 'root@10.0.1.113'"
and check to make sure that only the key(s) you wanted were added.

 

3. Log in directly

[root@vmware ~]# ssh root@10.0.1.113 -p36000
Last login: Thu May 24 16:02:49 2018 from 10.0.5.134
[root@yzh-jkb-privatization ~]#

 

4. Check the copied file on the remote host: the contents of id_rsa.pub are appended to authorized_keys:

[root@yzh-jkb-privatization /]# ls /root/.ssh/authorized_keys
/root/.ssh/authorized_keys
[root@yzh-jkb-privatization .ssh]# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2/mi0jrbM13E8f89yFy+Mro2u+VYoSAiXgoOMrm2eZlss6nHdp8oV/qGTGucNPPVGGB6rHm6fvl/Z75u2CExJWUw3bSvevHieV3dfHngPHANDnxM6JXtr6DBjKVcKm3Bv+QlpvUJ/LJixnsTE4rgX4G1OWCP92q77eM0LEhD8eZllXCC/AkLxxxxxxxxxVNZehmR5BhJ/d4/Ad26idABX67dsQHZ1BxAha1AFF9uwZeNw1oJWqahkXFY8l+3YEWkrqBZsDZ67A81DmTBV7bbqwcqicHejHbScN101tg973XACGkXQxugPkGJxozn64CCs0dIt+Dk7qe4HYbTtE37
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCntTKU2jJhHWNt3PfMM2443B+t5R4mrgVQ3UoqRoSaSVMaLkSOpxl9NW2KPYf0U3MueV0rPpW1MnzL1YYITKqvhvrq0ae5ByRsdoEJK62tJc5RrPt2RHRdN1hrImz3Bmpc5mC9bAvqESzeTvMRhHZe/rL1WDZ4qDV1DGKCaxxxxxxxxEflwNVzUTAGXPQcKg54adnF4GYCEArzFd1PbGK6M24pjlQ3lBEyvMtZf2N8Jl/Q8bScbMCO2Fm/bjHyB33ix2RjCfvdF8hWY0weVgtdC6U+uRf1EGjTsEjU16EyfkmaoD+IYnlqF/ffSBHsr128cQaZhv+Af admin@steven.local
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDK5fz2aaIL3FgYETzFemnzoemZhJ6VBE/+HfDvrNgAqkjr/FlPrJWO1iObpIBLgxxxxxxxg6X1l6oTONXc8W1G4bFDnAuw1r/ZY1uVPi/sadqEl7jPE8XLqeV70L7E5wDyrkq2H2sZr8rA4hQ/f+l12jLaG0b3pd2U7rA7ylazsd3eYxpik5B4/arepf/exy/zEyTQkTXo7OVbFae0fWn/yThlu6UA1cqIankYsX3toy5FhO1LO21dEFiWgJ+wcykQiE7fndErX+Ht9vX1T80oPqNSBFFRELUVHGP42R4JtVzFdjlrcwpAcdFJ9Ry8LutUEdGGl2xHM9Ki7Ld9+Z root@vmware
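
An added example, not part of the original post: ssh-copy-id's reminder to "check to make sure that only the key(s) you wanted were added" can be automated by fingerprinting every authorized_keys entry and comparing it with the fingerprint ssh-keygen printed in step 1. The function names and the sample entries are constructed for illustration (fixed bytes in ssh-ed25519 wire format, not real keys).

```python
import base64, hashlib, struct

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256"}

def parse_entry(line):
    """Split one authorized_keys line into (options, key_type, blob, comment)."""
    fields = line.split()
    # Options such as from="..." may precede the key type.
    idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(fields):
        raise ValueError("no key type and blob found")
    ktype = fields[idx]
    blob = base64.b64decode(fields[idx + 1], validate=True)  # ValueError if damaged
    # The blob begins with its own length-prefixed type name; it must match the label.
    if not blob.startswith(struct.pack(">I", len(ktype)) + ktype.encode()):
        raise ValueError("key type label does not match blob")
    return " ".join(fields[:idx]), ktype, blob, " ".join(fields[idx + 2:])

def fingerprints(blob):
    """Return (MD5 colon-hex, SHA256 base64), the two formats ssh-keygen prints."""
    h = hashlib.md5(blob).hexdigest()
    md5 = ":".join(h[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5, "SHA256:" + sha

def audit(text, expected):
    """Return (line_no, status, detail) per entry: expected / UNEXPECTED / MALFORMED."""
    report = []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        try:
            _, ktype, blob, comment = parse_entry(line)
        except ValueError as err:
            report.append((no, "MALFORMED", str(err)))
            continue
        md5, sha = fingerprints(blob)
        status = "expected" if {md5, sha} & set(expected) else "UNEXPECTED"
        report.append((no, status, f"{ktype} {md5} {comment}"))
    return report

def demo_key(seed, comment):
    """Constructed sample: fixed bytes in ssh-ed25519 wire format, not a real key."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([seed]) * 32
    return blob, f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"

MINE, LINE1 = demo_key(1, "root@vmware")
SAMPLE = "\n".join([demo_key(2, "admin@example.invalid")[1], LINE1, "ssh-rsa AAAAB3NzaC1yc2E cut@example.invalid"])
if __name__ == "__main__":
    print(*audit(SAMPLE, {fingerprints(MINE)[0]}), sep="\n")
```

Pass the fingerprint from step 1 as `expected`, either in the MD5 colon-hex form shown above or in the `SHA256:` form; the third sample line stands in for an entry whose base64 no longer decodes.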

5. Logging in as a regular user

(1) Create the user on the local machine: useradd username

(2) echo xxx_password | passwd --stdin username

(3) ssh-copy-id -i /root/.ssh/id_rsa.pub username@10.0.1.113

 

6. Copy a file from the remote host to the local system

[root@vmware ~]# scp -P36000 root@10.0.1.113:/jkb-install-20180420.tar.gz /
jkb-install-20180420.tar.gz                              4%   47MB   8.3MB/s   02:09 ETA


To copy a directory, add the -r option.

 

7. Server-side configuration

[root@vmware ~]# cat /etc/ssh/sshd_config

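(1) Explanation

#Port 22          # the default value, not just a comment
Port 36000        # more than one port number can be added

#ListenAddress 0.0.0.0   # IP address that sshd binds to; 0.0.0.0 means listen on all addresses
ListenAddress 10.0.1.119  # accept connections only on this local IP address

#Protocol 2      # protocol version; to also use version 1, append ,1
#LogLevel INFO            # log level: INFO and above are recorded
#PermitRootLogin yes   # root login is allowed by default

PasswordAuthentication yes   # password authentication
#PermitEmptyPasswords no   # whether empty passwords are allowed: no

#LoginGraceTime 2m             # time allowed for entering the password at login; the connection is dropped once it is exceeded; a value without a unit is in seconds

#PrintMotd yes    # whether to show a message after login; it prints the contents of /etc/motd

#UseDNS yes   # checks that the client's origin is legitimate by doing a reverse DNS lookup of the client host name; for connections on an internal network, set it to no to connect faster

UsePrivilegeSeparation sandbox  
# Whether a lower-privileged process handles the user's session. When a regular user logs in, this setting makes sshd spawn a separate sshd process for that user instead of using the root process, which is safer for the system.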

 

(2) Logs are written to /var/log/secure

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

 

(3)

 

